Re: pf.conf macros not working - syntax error

On Thu, May 26, 2022 at 4:40 PM Stefan Haller <stefan+freebsd@stha.de>
wrote:

> On Thu, May 26, 2022 at 04:32:01PM +0300, Odhiambo Washington wrote:
> > Why do you need so many " " ? Can you please remove the double quotes
> > inside the braces?
> > You already quoted the foo and bar so I see no need to re-quote them
> inside
> > the braces.
> >
> > [16:24 ~ ]$ pfctl -nvf file
> > foo = "10.0.0.0/24"
> > bar = "10.1.0.0/24"
> > baz = "{ $foo $bar }"
>
> Unfortunately, this does not work, because inside "..." macros are not
> expanded. The macro baz literally contains the string "{ $foo $bar }".
>
> If we later use the macro baz as in
>
> > baz = "$foo $bar"
> > block in from $baz to any
>
> We get the syntax error (rightfully) on the block line.
>
> This is also properly documented in pf.conf(5):
>
> > MACROS
> >      Macros can be defined that will later be expanded in context.  Macro
> >      names must start with a letter, and may contain letters, digits and
> >      underscores.  Macro names may not be reserved words (for example
> pass,
> >      in, out).  Macros are not expanded inside quotes.
> >
> >      For example,
> >
> >            ext_if = "kue0"
> >            all_ifs = "{" $ext_if lo0 "}"
> >            pass out on $ext_if from any to any
> >            pass in  on $ext_if proto tcp from any to any port 25
>

In which case then it's a bug.

freebsd-pf@ would be the right platform to address that, I believe.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)